See how to use the Validate JWT policy to pre-authorize access to operations based on token claims.

See how to use an API Inspector trace to see how policies are evaluated and the results of those evaluations.

See how to use expressions with the Get from cache and Store to cache policies to configure API Management response caching. Set a duration that matches the response caching of the backend service as specified by the backed service's Cache-Control directive.

See how to perform content filtering. Remove data elements from the response received from the backend using the Control flow and Set body policies.

Usage

Expressions can be used as attribute values or text values in any API Management policies (unless the policy reference specifies otherwise).

Important

When you use policy expressions, there is only limited verification of the policy expressions when the policy is defined. Expressions are executed by the gateway at run-time, any exceptions generated by policy expressions result in a runtime error.

.NET Framework types allowed in policy expressions

The following table lists the .NET Framework types and their members that are allowed in policy expressions.

The context.Request.Body.As<T> and context.Response.Body.As<T> methods are used to read a request and response message bodies in a specified type T. By default the method uses the original message body stream and renders it unavailable after it returns. To avoid that by having the method operate on a copy of the body stream, set the preserveContent parameter to true. Go here to see an example.

If the input parameter contains a valid HTTP Basic Authentication authorization value in the request header the method returns true and the result parameter contains a value of type BasicAuthCredentials; otherwise the method returns false.

BasicAuthCredentials

Password: string

UserId: string

Jwt AsJwt(input: this string)

input: string

If the input parameter contains a valid JWT token value, the method returns an object of type Jwt; otherwise the method returns null.

bool TryParseJwt(input: this string, result: out Jwt)

input: string

result: out Jwt

If the input parameter contains a valid JWT token value, the method returns true and the result parameter contains a value of type Jwt; otherwise the method returns false.